Are Healthcare Firms More Likely to Pay Ransom?
Healthcare firms are a prime target for cybercriminals due to the sensitive nature of the data they hold. Recent research conducted by Arete and Cyentia found that healthcare firms are 75% more likely to pay a ransom in the event of a cyberattack than other industries. This is often due to the critical nature of their operations, as well as the lack of robust cybersecurity measures in place.
The lack of multi-factor authentication (MFA) is another key reason why healthcare firms are more likely to pay a ransom. MFA is a security measure that requires users to provide two or more forms of identification before being granted access to a system or application. This could include something the user knows, such as a password, and something the user has, such as a smartphone or security token.
According to the Verizon Data Breach Investigations Report, only 36% of healthcare firms use MFA, compared to 52% across all industries. This means that healthcare firms are more vulnerable to cyberattacks that rely on stolen or weak passwords, which are often used in ransomware attacks. Without MFA, hackers can gain access to critical systems using stolen or weak credentials, making it easier for them to deploy ransomware. Implementing MFA can significantly reduce the risk of these types of attacks, but many healthcare firms have been slow to adopt this security measure.
In addition to MFA, healthcare firms can take other steps to protect themselves from ransomware attacks. Employee training is critical in ensuring that employees are aware of the risks of cyberattacks and the measures they can take to prevent them. Regular backups can also help to mitigate the impact of a ransomware attack, as data can be restored from a backup if critical systems are compromised. Network segmentation is another measure that can help to limit the spread of ransomware throughout an organization, by dividing the network into smaller, more secure sections.
While paying a ransom may seem like the easiest solution, it is important for healthcare firms to invest in robust cybersecurity measures to prevent attacks from occurring in the first place. This includes implementing MFA, employee training, regular backups, and network segmentation. By investing in these measures, healthcare firms can reduce their vulnerability to ransomware attacks and avoid the need to pay a ransom in the event of an attack.